error if empty capabilities are requested

ead46fe1 · Gabriel Zachmann · f1ccb84c · ead46fe1 · ead46fe1
Commit ead46fe1 authored 3 years ago by Gabriel Zachmann
--- a/internal/endpoints/token/mytoken/mytokenEndpoint.go
+++ b/internal/endpoints/token/mytoken/mytokenEndpoint.go
@@ -65,6 +65,12 @@ func handleOIDCFlow(ctx *fiber.Ctx) error {
 			Response: api.ErrorUnknownIssuer,
 		}.Send(ctx)
 	}
+	if req.Capabilities != nil && len(req.Capabilities) == 0 {
+		return serverModel.Response{
+			Status:   fiber.StatusBadRequest,
+			Response: api.Error{Error: api.ErrorStrInvalidRequest, ErrorDescription: "capabilities cannot be empty"},
+		}.Send(ctx)
+	}
 	switch req.OIDCFlow {
 	case model.OIDCFlowAuthorizationCode:
 		return authcode.StartAuthCodeFlow(ctx, *req).Send(ctx)

--- a/shared/mytoken/mytokenHandler.go
+++ b/shared/mytoken/mytokenHandler.go
@@ -104,6 +104,12 @@ func HandleMytokenFromMytoken(ctx *fiber.Ctx) *model.Response {
 	if err := json.Unmarshal(ctx.Body(), &req); err != nil {
 		return model.ErrorToBadRequestErrorResponse(err)
 	}
+	if req.Capabilities != nil && len(req.Capabilities) == 0 {
+		return &model.Response{
+			Status:   fiber.StatusBadRequest,
+			Response: api.Error{Error: api.ErrorStrInvalidRequest, ErrorDescription: "capabilities cannot be empty"},
+		}
+	}
 	req.Restrictions.ReplaceThisIp(ctx.IP())
 	req.Restrictions.ClearUnsupportedKeys()
 	log.Trace("Parsed mytoken request")